US9794248B2ActiveUtilityA1

Alternative approach to deployment and payment for digital certificates

52
Assignee: LIU QUENTINPriority: Dec 23, 2009Filed: Dec 23, 2009Granted: Oct 17, 2017
Est. expiryDec 23, 2029(~3.5 yrs left)· nominal 20-yr term from priority
G06Q 30/04G06Q 30/0185G06Q 30/06H04L 63/0823
52
PatentIndex Score
0
Cited by
29
References
22
Claims

Abstract

A method for managing payment of digital certificates includes receiving a request to issue a digital certificate to a subscriber, capturing and saving payment information of the subscriber, performing a first authentication and verification of the subscriber at a first time, and performing at least one additional authentication and verification of the subscriber at least once every authentication period. A long-lived certificate is issued to the subscriber provided the subscriber is authenticated and verified. The long-lived certificate is valid for an expiration period. However, the long-lived certificate is revoked if (1) the additional authentications and verification produce invalid results, or (2) if payment is not received during a payment period. The authentication period is shorter than the expiration period and there are at least a first and a second authentication period within the expiration period. The expiration period is longer than the authentication period.

Claims

exact text as granted — not AI-modified
What is claimed is: 
     
       1. A method comprising:
 receiving a request to issue a digital certificate to a subscriber system; 
 capturing, by a processor configured to perform digital certificate operations at a certificate authority system, and storing, in a memory at the certificate authority system, subscriber information of the subscriber system; 
 performing, by the processor, a first authentication and verification of the subscriber information; 
 issuing, by the processor, a long-lived digital certificate from the certificate authority system to the subscriber system over a network upon determining that the subscriber information in the first authentication and verification is authentic and valid, wherein the long-lived digital certificate is set to expire after an expiration period; 
 performing, by the processor, additional authentications and verifications of the subscriber information at least once during an authentication period, wherein the expiration period is longer than the authentication period, wherein there are multiple occurrences of the authentication period within the expiration period, wherein the number of authentication periods within the expiration period is determined based at least in part on the length of the expiration period, and wherein the additional authentication and verifications of the subscriber information do not comprise receiving a new request to issue a digital certificate to a subscriber system; and 
 causing, by the processor, revocation of the long-lived digital certificate at a revocation status database over a network upon determining that the subscriber information in any of the additional authentications and verifications is no longer valid or upon determining that payment is not received during a payment period, wherein the long-lived digital certificate is not reissued upon determining that the subscriber information in the additional authentications and verifications remains valid. 
 
     
     
       2. The method of  claim 1  wherein a first occurrence of the at least once during an authentication period and a second occurrence of the at least once during an authentication period have a same time duration. 
     
     
       3. The method of  claim 1  wherein a first occurrence of the at least once during an authentication period and a second occurrence of the at least once during an authentication period have different time durations. 
     
     
       4. The method of  claim 1  further comprising automatically requesting payment during the payment period from an account number, wherein the subscriber information comprises payment information, and wherein the account number is stored with the payment information of the subscriber system. 
     
     
       5. The method of  claim 1  further comprising receiving payment for the digital certificate before performing the first authentication and verification of the subscriber information. 
     
     
       6. The method of  claim 1  further comprising receiving payment for continued use of the long-lived digital certificate after performing one of the additional authentications and verifications of the subscriber information. 
     
     
       7. The method of  claim 1  further comprising requesting updated subscriber information from the subscriber system upon determining that the subscriber information in one of the additional authentications and verifications is no longer valid. 
     
     
       8. The method of  claim 1  further comprising causing revocation of the long-lived digital certificate at the revocation status database upon receiving a request to terminate the long-lived digital certificate. 
     
     
       9. The method of  claim 1  further comprising activating the long-lived digital certificate upon receiving payment for a payment period. 
     
     
       10. The method of  claim 1 :
 wherein the request to issue the digital certificate specifies a requested time period for the digital certificate to expire; and 
 wherein the expiration period of the long-lived digital certificate is set to be longer than the requested time period. 
 
     
     
       11. The method of  claim 1  wherein the expiration period is set to be five years. 
     
     
       12. The method of  claim 1  wherein the authentication period is eighteen months. 
     
     
       13. The method of  claim 1  wherein the payment period is three months. 
     
     
       14. The method of  claim 1  further comprising activating the long-lived digital certificate for the payment period upon receiving payment. 
     
     
       15. The method of  claim 1  wherein the authentication period and the payment period have different time durations. 
     
     
       16. The method of  claim 1  wherein the authentication period and the payment period have a same time duration. 
     
     
       17. A method comprising:
 receiving a request to issue a digital certificate to a subscriber system; 
 capturing, by a processor configured to perform digital certificate operations at a certificate authority system, and storing, in a memory at the certificate authority system, subscriber information of the subscriber system; 
 performing, by the processor, a first authentication and verification of the subscriber information; 
 issuing, by the processor, a long-lived digital certificate from the certificate authority system to the subscriber system over a network upon determining that the subscriber information in the first authentication and verification is authentic and valid, wherein the long-lived digital certificate is set to expire after an expiration period; 
 performing, by the processor, additional authentications and verifications of the subscriber information at least once during an authentication period, wherein the expiration period is longer than the authentication period, wherein there are multiple occurrences of the authentication period within the expiration period, wherein the number of authentication periods within the expiration period is determined based at least in part on the length of the expiration period, and wherein the additional authentication and verifications of the subscriber information do not comprise receiving a new request to issue a digital certificate to a subscriber system; and 
 causing, by the processor, revocation of the long-lived digital certificate at a revocation status database over a network upon determining that the subscriber information in any of the additional authentications and verifications is no longer valid, wherein the long-lived digital certificate is not reissued upon determining that the subscriber information in the additional authentications and verifications remains valid. 
 
     
     
       18. The method of  claim 17  further comprising causing revocation of the long-lived digital certificate at the revocation status database upon determining that payment is not received during a payment period. 
     
     
       19. A system comprising:
 an interface at a certificate authority system configured to:
 receive a request to issue a digital certificate to a subscriber system; 
 
 a processor configured to perform digital certificate operations at the certificate authority system, the operations configured to:
 capture and store, in a memory, subscriber information of the subscriber system; 
 perform a first authentication and verification of the subscriber information; 
 issue a long-lived digital certificate from the certificate authority system to the subscriber system over a network upon determination that the subscriber information in the first authentication and verification is authentic and valid, wherein the long-lived digital certificate is set to expire after an expiration period; 
 perform additional authentications and verifications of the subscriber information at least once during an authentication period, wherein the expiration period is longer than the authentication period, wherein there are multiple occurrences of the authentication period within the expiration period, wherein the number of authentication periods within the expiration period is determined based at least in part on the length of the expiration period, and wherein the additional authentication and verifications of the subscriber information do not comprise receiving a new request to issue a digital certificate to a subscriber system; and 
 cause revocation of the long-lived digital certificate at a revocation status database over a network upon determination that the subscriber information in any of the additional authentications and verifications is no longer valid, wherein the long-lived digital certificate is not reissued upon determination that the subscriber information in the additional authentications and verifications remains valid. 
 
 
     
     
       20. The system of  claim 19  wherein the processor is further configured to cause revocation of the long-lived digital certificate at the revocation status database upon determination that payment is not received during a payment period. 
     
     
       21. The system of  claim 20  wherein:
 the processor is further configured to generate during the payment period a payment request from an account number, wherein the subscriber information comprises payment information, and wherein the account number is stored in the memory with the payment information of the subscriber system; and 
 the processor is further configured to send the payment request to the subscriber system. 
 
     
     
       22. A non-transitory computer-readable memory having instructions that, when executed by a processor, cause the processor to:
 receive a request to issue a digital certificate to a subscriber system; 
 capture, by a processor configured to perform digital certificate operations at a certificate authority system, and store, in a memory at the certificate authority system, subscriber information of the subscriber system; 
 perform a first authentication and verification of the subscriber information; 
 issue a long-lived digital certificate from the certificate authority system to the subscriber system over a network upon determination that the subscriber information in the first authentication and verification is authentic and valid, wherein the long-lived digital certificate is set to expire after an expiration period; 
 perform additional authentications and verifications of the subscriber information at least once during an authentication period, wherein the expiration period is longer than the authentication period, wherein there are multiple occurrences of the authentication period within the expiration period, wherein the number of authentication periods within the expiration period is determined based at least in part on the length of the expiration period, and wherein the additional authentication and verifications of the subscriber information do not comprise receiving a new request to issue a digital certificate to a subscriber system; and 
 cause, by the processor, revocation of the long-lived digital certificate at a revocation status database over a network upon determination that the subscriber information in any of the additional authentications and verifications is no longer valid, wherein the long-lived digital certificate is not reissued upon determination that the subscriber information in the additional authentications and verifications remains valid.

Cited by (0)

No later patents cite this yet.

References (0)

No backward citations on record.